Advances in communication technology have fostered tremendous growth in transactions using mobile or Internet-of-Things (IoT) devices. As an example, on-line banking and other types of transactions using mobile and IoT devices have exploded in recent years. The popularity of transactions using mobile and IoT devices is due to the convenience factor. For example, a user can conduct a transaction virtually anywhere and anytime with the use of a mobile or an IoT device. A major concern, however, with such types of transactions is security. For example, transaction information may be intercepted or illegally obtained by third parties, potentially exposing confidential information, such as personal, banking and other sensitive information. Such information, when accessed by unwanted parties, may subject the user to potential risk of identity theft and other fraudulent or criminal activities.
Security measures may be implemented to reduce the risks to a user of transactions using mobile and IoT devices. Conventional security measures include the use of software tokens for transaction signing. Conventional software tokens rely on a seed and a counter, both of which are resident on a mobile device. The seed and counter are used to generate a one-time password. The seed and counter are securely stored in a user device, such as in a sandbox or a secured container. Although software tokens provide some measure of security, they are prone to hacking by third parties since the seed and counter are stored in the user's mobile device. For example, malware and other hacking software may be easily employed to hack a user's mobile device to access the seed and counter. This enables unwanted third parties to conduct transactions based on the illegally obtained counter and seed.
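The following is an added example, not part of the original text. The text does not name an algorithm, so it assumes HOTP (RFC 4226) as a representative seed-and-counter scheme, and shows that the one-time password is a deterministic function of the two stored values, so the verifier cannot tell the device from any other holder of the same seed and counter. `Verifier`, `demo` and the look-ahead window are illustrative choices.

```python
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server side: holds the same seed and its own copy of the counter."""

    def __init__(self, seed: bytes, counter: int = 0, window: int = 3):
        self.seed, self.counter, self.window = seed, counter, window

    def verify(self, otp: str) -> bool:
        # Look ahead a few counters to tolerate codes generated but never submitted.
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.seed, c), otp):
                self.counter = c + 1             # each counter value is accepted once
                return True
        return False


def demo():
    seed = b"12345678901234567890"               # constructed sample seed (RFC 4226 test value)
    server = Verifier(seed)
    device_state = (seed, 0)                     # what the software token stores on the device
    copied_state = device_state                  # any copy of the stored values is equivalent
    otp_device = hotp(*device_state)
    otp_copy = hotp(*copied_state)
    first = server.verify(otp_copy)              # accepted: the server only ever sees the code
    second = server.verify(otp_device)           # same code again: counter has moved on
    return otp_device == otp_copy, first, second


if __name__ == "__main__":
    print(demo())
```

Nothing in the submitted code binds it to the device that generated it, which is why the confidentiality of the stored seed and counter carries the whole scheme.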
Based on the foregoing discussion, there is a need to improve security for transactions using mobile and IoT devices.